[Opendnssec-user] reset datecounter

Matthijs Mekking matthijs at pletterpet.nl
Mon Mar 16 08:41:45 UTC 2015


Hi Emil,

There is no intuitive way to do this in OpenDNSSEC, but if I ran into
this situation I would:

1. Stop the signer: $ ods-signer stop

2. Set the SOA serial in the unsigned zone to match today's date.

Not strictly necessary, but if your unsigned SOA serial is off by too
much, possibly the datecounter serial cannot be applied per
RFC 1982 logic.

3. Remove all /var/opendnssec/tmp files that correspond to the zone, to
clear the zone's state.

4. Start the signer again.


Best regards,
  Matthijs

On 15-03-15 12:36, Emil Natan wrote:
> Hello,
> 
> I have a policy with a single zone and I'm using datecounter to set the
> SOA serial. Using datecounter the serial has the following format -
> YYYYMMDDNN and the last two digits represent a running number which is
> increased on each zone resign. I had to debug a problem and ran a loop
> of a few hundred resigns and as a result the DD part of the serial went
> a few forward and now one of the checks which compares the serial with the
> current date breaks. The slaves never saw these zones so there won't be
> a problem with the zone transfer once I can reset the serial to
> something that complies with today's date. I tried to remove the
> temp/.backup file under /var/opendnssec/tmp which holds information from
> the last signing, but it did not help. I searched the database (mysql),
> but found nothing related.
> Any ideas?
> 
> Thanks.
> Emil 
> 
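
The RFC 1982 comparison both messages depend on, as an added example that is not part of the original thread and is not OpenDNSSEC code. `next_serial` is an assumed, simplified model of a datecounter-style serial, and every serial value below is constructed.

```python
from datetime import date

MOD = 1 << 32    # an SOA serial is a 32-bit sequence number
HALF = 1 << 31   # RFC 1982: differences of 2**31 or more are not an increase

def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: True when serial a is 'greater than' b in sequence space."""
    return 0 < (a - b) % MOD < HALF

def datecounter_base(day: date) -> int:
    """YYYYMMDD00, the first YYYYMMDDNN serial of the given day."""
    return int(day.strftime("%Y%m%d")) * 100

def next_serial(current: int, today: date) -> int:
    """Assumed model: take today's base if that is an increase, else current + 1."""
    base = datecounter_base(today)
    return base if serial_gt(base, current) else (current + 1) % MOD

def simulate_resigns(current: int, today: date, count: int) -> int:
    """Apply next_serial `count` times on the same day."""
    for _ in range(count):
        current = next_serial(current, today)
    return current

def today_base_applies(current: int, today: date) -> bool:
    """True when today's YYYYMMDD00 is an RFC 1982 increase over `current`.
    If False, a secondary already holding `current` would not transfer the zone."""
    return serial_gt(datecounter_base(today), current)

if __name__ == "__main__":
    today = date(2015, 3, 15)
    # 350 resigns in one day: NN overflows into the DD digits.
    stuck = simulate_resigns(2015031400, today, 350)
    print("serial after loop:", stuck)
    print("today's base is an increase:", today_base_applies(stuck, today))
    # Once the calendar passes the date encoded in the serial, the base applies again.
    print("base on 2015-03-19 applies:", today_base_applies(stuck, date(2015, 3, 19)))
    # Unsigned-zone serial far outside the date range (step 2 of the reply).
    print("base applies over 4000000000:", today_base_applies(4000000000, today))
```
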



